>what do users of an HTTP binding need to get at w/o
>cracking the XML. If there is such info, then we should
>have HTTP headers.
Good question. There are at least a few cases where having some
information in the HTTP header fields could be of help - if for nothing
else then to shut off messages unless they are signed or otherwise
verified:
A) The sender could apply content encoding (like deflate) to the entity
body which would make it cumbersome to inflate the message to see what
it is if one desired to do so.
B) There is the question of what to do with MIME multipart/related
binding. There the media type is multipart/related and only by looking
for the root entity can it be determined that this is in fact a SOAP
message.
C) One could imagine an encrypted SOAP message embedded in MIME
multipart where there is no mechanism whatsoever to look through the
message unless one is the chosen one.
I am sure there are more. In fact these are all very similar to what one
might imagine the content type [1] can be used for (and often is).
Henrik
[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec7.html#sec7.2.1